Java Code Examples for org.camunda.bpm.engine.impl.interceptor.CommandContext#isAuthorizationCheckEnabled()

The following examples show how to use org.camunda.bpm.engine.impl.interceptor.CommandContext#isAuthorizationCheckEnabled() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: HistoricStatisticsManager.java    From camunda-bpm-platform with Apache License 2.0 6 votes vote down vote up
protected boolean ensureHistoryReadOnProcessDefinition(HistoricActivityStatisticsQueryImpl query) {
  CommandContext commandContext = getCommandContext();

  if(isAuthorizationEnabled() && getCurrentAuthentication() != null && commandContext.isAuthorizationCheckEnabled()) {
    String processDefinitionId = query.getProcessDefinitionId();
    ProcessDefinitionEntity definition = getProcessDefinitionManager().findLatestProcessDefinitionById(processDefinitionId);

    if (definition == null) {
      return false;
    }

    return getAuthorizationManager().isAuthorized(READ_HISTORY, PROCESS_DEFINITION, definition.getKey());
  }

  return true;
}
 
Example 2
Source File: AuthorizationManager.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
/**
 * Checks if the current authentication contains the group
 * {@link Groups#CAMUNDA_ADMIN}. The check is ignored if the authorization is
 * disabled or no authentication exists.
 *
 * @throws AuthorizationException
 */
public void checkCamundaAdmin() {
  final Authentication currentAuthentication = getCurrentAuthentication();
  CommandContext commandContext = Context.getCommandContext();

  if (isAuthorizationEnabled() && commandContext.isAuthorizationCheckEnabled()
      && currentAuthentication != null  && !isCamundaAdmin(currentAuthentication)) {

    throw LOG.requiredCamundaAdminException();
  }
}
 
Example 3
Source File: AuthorizationManager.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
protected boolean isAuthCheckExecuted() {

    Authentication currentAuthentication = getCurrentAuthentication();
    CommandContext commandContext = Context.getCommandContext();

    return isAuthorizationEnabled()
        && commandContext.isAuthorizationCheckEnabled()
        && currentAuthentication != null
        && currentAuthentication.getUserId() != null;

  }
 
Example 4
Source File: StatisticsManager.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
protected void checkReadProcessDefinition(ActivityStatisticsQueryImpl query) {
  CommandContext commandContext = getCommandContext();
  if (isAuthorizationEnabled() && getCurrentAuthentication() != null && commandContext.isAuthorizationCheckEnabled()) {
    String processDefinitionId = query.getProcessDefinitionId();
    ProcessDefinitionEntity definition = getProcessDefinitionManager().findLatestProcessDefinitionById(processDefinitionId);
    ensureNotNull("no deployed process definition found with id '" + processDefinitionId + "'", "processDefinition", definition);
    getAuthorizationManager().checkAuthorization(READ, PROCESS_DEFINITION, definition.getKey());
  }
}
 
Example 5
Source File: StatisticsManager.java    From camunda-bpm-platform with Apache License 2.0 5 votes vote down vote up
protected void checkReadDecisionRequirementsDefinition(HistoricDecisionInstanceStatisticsQueryImpl query) {
  CommandContext commandContext = getCommandContext();
  if (isAuthorizationEnabled() && getCurrentAuthentication() != null && commandContext.isAuthorizationCheckEnabled()) {
    String decisionRequirementsDefinitionId = query.getDecisionRequirementsDefinitionId();
    DecisionRequirementsDefinition definition = getDecisionRequirementsDefinitionManager().findDecisionRequirementsDefinitionById(decisionRequirementsDefinitionId);
    ensureNotNull("no deployed decision requirements definition found with id '" + decisionRequirementsDefinitionId + "'", "decisionRequirementsDefinition", definition);
    getAuthorizationManager().checkAuthorization(READ, DECISION_REQUIREMENTS_DEFINITION, definition.getKey());
  }
}
 
Example 6
Source File: AuthorizationManager.java    From camunda-bpm-platform with Apache License 2.0 4 votes vote down vote up
protected void addPermissionCheck(AuthorizationCheck authCheck, CompositePermissionCheck compositeCheck) {
  CommandContext commandContext = getCommandContext();
  if (isAuthorizationEnabled() && getCurrentAuthentication() != null && commandContext.isAuthorizationCheckEnabled()) {
    authCheck.setPermissionChecks(compositeCheck);
  }
}
 
Example 7
Source File: DefaultDelegateInterceptor.java    From camunda-bpm-platform with Apache License 2.0 4 votes vote down vote up
protected void handleInvocationInContext(final DelegateInvocation invocation) throws Exception {
  CommandContext commandContext = Context.getCommandContext();
  boolean wasAuthorizationCheckEnabled = commandContext.isAuthorizationCheckEnabled();
  boolean wasUserOperationLogEnabled = commandContext.isUserOperationLogEnabled();
  BaseDelegateExecution contextExecution = invocation.getContextExecution();

  ProcessEngineConfigurationImpl configuration = Context.getProcessEngineConfiguration();

  boolean popExecutionContext = false;

  try {
    if (!configuration.isAuthorizationEnabledForCustomCode()) {
      // the custom code should be executed without authorization
      commandContext.disableAuthorizationCheck();
    }

    try {
      commandContext.disableUserOperationLog();

      try {
        if (contextExecution != null && !isCurrentContextExecution(contextExecution)) {
          popExecutionContext = setExecutionContext(contextExecution);
        }

        invocation.proceed();
      }
      finally {
        if (popExecutionContext) {
          Context.removeExecutionContext();
        }
      }
    }
    finally {
      if (wasUserOperationLogEnabled) {
        commandContext.enableUserOperationLog();
      }
    }
  }
  finally {
    if (wasAuthorizationCheckEnabled) {
      commandContext.enableAuthorizationCheck();
    }
  }

}